This topic is now archived and is closed to further replies.


Does Eset Detect S5Mark As UA, PUA, or Malware?

Bitdefender recently published a whitepaper on Zacinlo malware which can be downloaded from here: https://labs.bitdefender.com/wp-content/uploads/downloads/six-years-and-counting-inside-the-complex-zacinlo-ad-fraud-operation/ .

Besides deploying a rootkit in the form of a validly signed device driver, the signing cert. now thankfully revoked, one of the Zacinlo malware components was s5Mark, a fake VPN utility. It appears s5Mark has been around for some time. Using the hashes for s5Mark provided in the whitepaper, I noticed that Eset per VirusTotal lookup did not detect any of its components, even the installer. I don't want to make a big deal about the VT non-detection since we have discussed that might not be fully representative of Eset's detection capability. However, I would like to know if Eset is flagging s5Mark as at least a UA/PUA since it has been deployed in other malware incidents.

s5Mark Hashes








I will also add that the "adware" version of s5Mark that surfaced last year employed a SmartService component used to disable AV processing. This version of SmartService, i.e. file hash - 1d4236b3c446c1ab86c577615cc52d4edc99bf5b4077cd93e6cd37b90d6991a0, was deployed through a separate installer which Eset detects.

It appears that this latest malware "weaponized" version of s5Mark no longer deploys a separate installer for SmartService but instead installs its components via the s5Mark installer.
